feat: enable oauth2 as default (#182)

* feat: enable oauth2 as default * fix: menu item name for project scan * feat: add preference to force token auth * fix: update environment correctly * chore: keep token auth as default for now * chore: update Eclipse default URL to https://api.snyk.io * fix: update deps
snyk · Aug 27, 2024 · 145426a · 145426a
1 parent 28daa82
commit 145426a
Show file tree

Hide file tree

Showing 18 changed files with 84 additions and 119 deletions.
diff --git a/plugin/META-INF/MANIFEST.MF b/plugin/META-INF/MANIFEST.MF
@@ -26,12 +26,12 @@ Require-Bundle: org.eclipse.ui,
 Automatic-Module-Name: io.snyk.eclipse.plugin.tests
 Bundle-ActivationPolicy: lazy
 Bundle-ClassPath: .,
- target/dependency/commons-codec-1.16.1.jar,
+ target/dependency/commons-codec-1.17.0.jar,
  target/dependency/commons-lang3-3.12.0.jar,
  target/dependency/commons-logging-1.2.jar,
  target/dependency/httpclient-4.5.14.jar,
  target/dependency/httpcore-4.4.16.jar,
- target/dependency/jackson-annotations-2.16.1.jar,
- target/dependency/jackson-core-2.16.1.jar,
- target/dependency/jackson-databind-2.16.1.jar,
+ target/dependency/jackson-annotations-2.16.2.jar,
+ target/dependency/jackson-core-2.16.2.jar,
+ target/dependency/jackson-databind-2.16.2.jar,
  target/dependency/javax.inject-1.jar
diff --git a/plugin/OSGI-INF/l10n/bundle.properties b/plugin/OSGI-INF/l10n/bundle.properties
@@ -7,9 +7,8 @@ view.name=Snyk Results
 page.name=Snyk
 command.name=Run
 command.label=Snyk Test
-command.label.0=Snyk Test
+command.label.0=Snyk Test Project
 
 scanWorkspace.name=snykWorkspaceScan
 scanWorkspace.label=Snyk Test Workspace
-command.label.0=Snyk Test Workspace
 
diff --git a/plugin/build.properties b/plugin/build.properties
@@ -7,14 +7,14 @@ bin.includes = plugin.xml,\
                contexts.xml,\
                OSGI-INF/l10n/bundle.properties,\
                OSGI-INF/,\
-               target/dependency/commons-codec-1.16.1.jar,\
+               target/dependency/commons-codec-1.17.0.jar,\
                target/dependency/commons-lang3-3.12.0.jar,\
                target/dependency/commons-logging-1.2.jar,\
                target/dependency/httpclient-4.5.14.jar,\
                target/dependency/httpcore-4.4.16.jar,\
-               target/dependency/jackson-annotations-2.16.1.jar,\
-               target/dependency/jackson-core-2.16.1.jar,\
-               target/dependency/jackson-databind-2.16.1.jar,\
+               target/dependency/jackson-annotations-2.16.2.jar,\
+               target/dependency/jackson-core-2.16.2.jar,\
+               target/dependency/jackson-databind-2.16.2.jar,\
                target/dependency/javax.inject-1.jar
 src.includes =src/,\
                icons/
diff --git a/plugin/io.snyk.eclipse.plugin.eml b/plugin/io.snyk.eclipse.plugin.eml
@@ -4,8 +4,8 @@
 	<contentEntry url="file://$MODULE_DIR$">
 		<excludeFolder url="file://$MODULE_DIR$/target"/>
 	</contentEntry>
-	<lib name="commons-codec-1.16.1.jar" scope="COMPILE">
-		<relative-module-cls project-related="jar://$PROJECT_DIR$/plugin/target/dependency/commons-codec-1.16.1.jar!/"/>
+	<lib name="commons-codec-1.17.0.jar" scope="COMPILE">
+		<relative-module-cls project-related="jar://$PROJECT_DIR$/plugin/target/dependency/commons-codec-1.17.0.jar!/"/>
 	</lib>
 	<lib name="commons-lang3-3.12.0.jar" scope="COMPILE">
 		<relative-module-cls project-related="jar://$PROJECT_DIR$/plugin/target/dependency/commons-lang3-3.12.0.jar!/"/>
@@ -19,27 +19,27 @@
 	<lib name="httpcore-4.4.16.jar" scope="COMPILE">
 		<relative-module-cls project-related="jar://$PROJECT_DIR$/plugin/target/dependency/httpcore-4.4.16.jar!/"/>
 	</lib>
-	<lib name="jackson-annotations-2.16.1.jar" scope="COMPILE">
-		<relative-module-cls project-related="jar://$PROJECT_DIR$/plugin/target/dependency/jackson-annotations-2.16.1.jar!/"/>
+	<lib name="jackson-annotations-2.16.2.jar" scope="COMPILE">
+		<relative-module-cls project-related="jar://$PROJECT_DIR$/plugin/target/dependency/jackson-annotations-2.16.2.jar!/"/>
 	</lib>
-	<lib name="jackson-core-2.16.1.jar" scope="COMPILE">
-		<relative-module-cls project-related="jar://$PROJECT_DIR$/plugin/target/dependency/jackson-core-2.16.1.jar!/"/>
+	<lib name="jackson-core-2.16.2.jar" scope="COMPILE">
+		<relative-module-cls project-related="jar://$PROJECT_DIR$/plugin/target/dependency/jackson-core-2.16.2.jar!/"/>
 	</lib>
-	<lib name="jackson-databind-2.16.1.jar" scope="COMPILE">
-		<relative-module-cls project-related="jar://$PROJECT_DIR$/plugin/target/dependency/jackson-databind-2.16.1.jar!/"/>
+	<lib name="jackson-databind-2.16.2.jar" scope="COMPILE">
+		<relative-module-cls project-related="jar://$PROJECT_DIR$/plugin/target/dependency/jackson-databind-2.16.2.jar!/"/>
 	</lib>
 	<lib name="javax.inject-1.jar" scope="COMPILE">
 		<relative-module-cls project-related="jar://$PROJECT_DIR$/plugin/target/dependency/javax.inject-1.jar!/"/>
 	</lib>
 	<levels>
-		<level name="Maven: com.fasterxml.jackson.core:jackson-annotations:2.16.1" value="project"/>
-		<level name="Maven: com.fasterxml.jackson.core:jackson-core:2.16.1" value="project"/>
-		<level name="Maven: com.fasterxml.jackson.core:jackson-databind:2.16.1" value="project"/>
+		<level name="Maven: com.fasterxml.jackson.core:jackson-annotations:2.16.2" value="project"/>
+		<level name="Maven: com.fasterxml.jackson.core:jackson-core:2.16.2" value="project"/>
+		<level name="Maven: com.fasterxml.jackson.core:jackson-databind:2.16.2" value="project"/>
 		<level name="Maven: org.apache.commons:commons-lang3:3.12.0" value="project"/>
 		<level name="Maven: org.apache.httpcomponents:httpcore:4.4.16" value="project"/>
 		<level name="Maven: org.apache.httpcomponents:httpclient:4.5.14" value="project"/>
 		<level name="Maven: commons-logging:commons-logging:1.2" value="project"/>
-		<level name="Maven: commons-codec:commons-codec:1.16.1" value="project"/>
+		<level name="Maven: commons-codec:commons-codec:1.17.0" value="project"/>
 		<level name="Maven: javax.inject:javax.inject:1" value="project"/>
 	</levels>
 </component>
diff --git a/plugin/pom.xml b/plugin/pom.xml
@@ -17,19 +17,19 @@
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-annotations</artifactId>
-        <version>2.16.1</version>
+        <version>2.16.2</version>
       <type>jar</type>
     </dependency>
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-core</artifactId>
-        <version>2.16.1</version>
+        <version>2.16.2</version>
       <type>jar</type>
     </dependency>
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-databind</artifactId>
-        <version>2.16.1</version>
+        <version>2.16.2</version>
       <type>jar</type>
     </dependency>
     <dependency>
@@ -58,7 +58,7 @@
     <dependency>
       <groupId>commons-codec</groupId>
       <artifactId>commons-codec</artifactId>
-        <version>1.16.1</version>
+        <version>1.17.0</version>
     </dependency>
     <dependency>
       <groupId>javax.inject</groupId>

diff --git a/plugin/src/main/java/io/snyk/eclipse/plugin/properties/PreferencesPage.java b/plugin/src/main/java/io/snyk/eclipse/plugin/properties/PreferencesPage.java
@@ -35,10 +35,14 @@ public void init(IWorkbench workbench) {
     protected void createFieldEditors() {
         TokenFieldEditor tokenField = new TokenFieldEditor(Preferences.getInstance(), Preferences.AUTH_TOKEN_KEY,
             "Snyk API Token:", getFieldEditorParent());
+
+        addField(new BooleanFieldEditor(Preferences.USE_TOKEN_AUTH, "Use token authentication. It is recommended to keep this turned off, as the default OAuth2 authentication is more secure.", 
+                getFieldEditorParent()));
+
         addField(tokenField);
-        addField(new StringFieldEditor(Preferences.PATH_KEY, "Path:", getFieldEditorParent()));
-        addField(new StringFieldEditor(Preferences.ENDPOINT_KEY, "Custom Endpoint:", getFieldEditorParent()));
-        addField(new BooleanFieldEditor(Preferences.INSECURE_KEY, "Allow unknown certificate authorities",
+        addField(new StringFieldEditor(Preferences.PATH_KEY, "Path:", 80, getFieldEditorParent()));
+        addField(new StringFieldEditor(Preferences.ENDPOINT_KEY, "Custom Endpoint:", 80, getFieldEditorParent()));
+        addField(new BooleanFieldEditor(Preferences.INSECURE_KEY, "Allow unknown certificate authorities", 
             getFieldEditorParent()));
 
         addField(space());
@@ -61,11 +65,11 @@ protected void createFieldEditors() {
         addField(new BooleanFieldEditor(Preferences.SCANNING_MODE_AUTOMATIC, "Scan automatically on start-up and save", getFieldEditorParent()));
         addField(space());
         addField(new LabelFieldEditor("Advanced options:", getFieldEditorParent()));
-        addField(new StringFieldEditor(Preferences.ORGANIZATION_KEY, "Organization:", getFieldEditorParent()));
+        addField(new StringFieldEditor(Preferences.ORGANIZATION_KEY, "Organization:", 80, getFieldEditorParent()));
         addField(
-            new StringFieldEditor(Preferences.ADDITIONAL_PARAMETERS, "Additional Parameters:", getFieldEditorParent()));
+            new StringFieldEditor(Preferences.ADDITIONAL_PARAMETERS, "Additional Parameters:", 80, getFieldEditorParent()));
         addField(
-            new StringFieldEditor(Preferences.ADDITIONAL_ENVIRONMENT, "Additional Environment:", getFieldEditorParent()));
+            new StringFieldEditor(Preferences.ADDITIONAL_ENVIRONMENT, "Additional Environment:", 80, getFieldEditorParent()));
 
         addField(space());
         BooleanFieldEditor manageBinaries = new BooleanFieldEditor(Preferences.MANAGE_BINARIES_AUTOMATICALLY,
@@ -74,7 +78,7 @@ protected void createFieldEditors() {
             System.out.println("managed bionaries changed");
         });
         addField(manageBinaries);
-        addField(new StringFieldEditor(Preferences.CLI_BASE_URL, "Base URL for CLI download:", getFieldEditorParent()));
+        addField(new StringFieldEditor(Preferences.CLI_BASE_URL, "Base URL for CLI download:", 80, getFieldEditorParent()));
         addField(new FileFieldEditor(Preferences.CLI_PATH, "Snyk CLI (incl. Language Server):", getFieldEditorParent()));
 
         addField(space());
@@ -91,7 +95,8 @@ protected void createFieldEditors() {
                 + "paths are safe to scan. Every path below a given path is considered safe to scan. \n"
                 + "Please separate entries with \"" + File.pathSeparator + "\".",
             getFieldEditorParent()));
-        addField(new StringFieldEditor(Preferences.TRUSTED_FOLDERS, "Trusted Folders:", getFieldEditorParent()));
+        StringFieldEditor trustedFoldersEditor = new StringFieldEditor(Preferences.TRUSTED_FOLDERS, "Trusted Folders:", 80, getFieldEditorParent());
+		addField(trustedFoldersEditor);
         disableSnykCodeIfOrgDisabled();
     }
 

diff --git a/plugin/src/main/java/io/snyk/eclipse/plugin/properties/TokenFieldEditor.java b/plugin/src/main/java/io/snyk/eclipse/plugin/properties/TokenFieldEditor.java
@@ -11,7 +11,7 @@ public class TokenFieldEditor extends StringFieldEditor {
 
   protected TokenFieldEditor(io.snyk.eclipse.plugin.properties.preferences.Preferences store, String name, String labelText,
                              Composite parent) {
-    super(name, labelText, parent);
+    super(name, labelText, 80, parent);
     this.store = store;
     getTextControl().setEchoChar('*');
   }

diff --git a/plugin/src/main/java/io/snyk/eclipse/plugin/properties/preferences/Preferences.java b/plugin/src/main/java/io/snyk/eclipse/plugin/properties/preferences/Preferences.java
@@ -17,7 +17,7 @@ public class Preferences {
 
   public static synchronized Preferences getInstance() {
     if (CURRENT_PREFERENCES == null) {
-      CURRENT_PREFERENCES = new Preferences(new SecurePreferenceStore()); 
+      CURRENT_PREFERENCES = new Preferences(new SecurePreferenceStore());
     }
     return CURRENT_PREFERENCES;
   }
@@ -42,15 +42,13 @@ public static synchronized Preferences getInstance(PreferenceStore store) {
   public static final String ADDITIONAL_ENVIRONMENT = "ADDITIONAL_ENVIRONMENT";
   public static final String SEND_ERROR_REPORTS = "SEND_ERROR_REPORTS";
   public static final String LSP_VERSION = "LSP_VERSION";
+  public static final String USE_TOKEN_AUTH = "useTokenAuth";
 
   // This is a bit confusing - CLI takes DISABLE as env variable, but we ask for ENABLE, so we need to revert it
   // when populating the environment
   public static final String ENABLE_TELEMETRY = EnvironmentConstants.ENV_DISABLE_ANALYTICS;
   public static final String MANAGE_BINARIES_AUTOMATICALLY = "SNYK_CFG_MANAGE_BINARIES_AUTOMATICALLY";
   public static final String ORGANIZATION_KEY = EnvironmentConstants.ENV_SNYK_ORG;
-  public static final String AUTHENTICATION_METHOD = "AUTHENTICATION_METHOD";
-  public static final String AUTH_METHOD_TOKEN = "token";
-  public static final String AUTH_METHOD_OAUTH = "oauth";
   public static final String SCANNING_MODE_AUTOMATIC = "scanningMode";
 
   private final PreferenceStore store;
@@ -81,38 +79,38 @@ public static synchronized Preferences getInstance(PreferenceStore store) {
     if (getPref(LSP_VERSION) == null) {
       store(LSP_VERSION, "1");
     }
-
-    if (getPref(AUTHENTICATION_METHOD) == null || getPref(AUTHENTICATION_METHOD).isBlank()) {
-      store(AUTHENTICATION_METHOD, AUTH_METHOD_TOKEN);
-    }
 
     String token = SystemUtils.getEnvironmentVariable(EnvironmentConstants.ENV_SNYK_TOKEN, "");
     if (getPref(AUTH_TOKEN_KEY) == null && !"".equals(token)) {
       store(AUTH_TOKEN_KEY, token);
     }
-    
+
     String endpoint = SystemUtils.getEnvironmentVariable(EnvironmentConstants.ENV_SNYK_API, "");
     if (getPref(ENDPOINT_KEY) == null && !"".equals(endpoint)) {
       store(ENDPOINT_KEY, endpoint);
     }
-    
+
     String org = SystemUtils.getEnvironmentVariable(EnvironmentConstants.ENV_SNYK_ORG, "");
     if (getPref(ORGANIZATION_KEY) == null && !"".equals(org)) {
       store(ORGANIZATION_KEY, org);
     }
-    
+
     String cliPath = getDefaultCliPath();
     if (getPref(CLI_PATH) == null && !"".equals(cliPath)) {
       store(CLI_PATH, cliPath);
     }
-    
+
     if (getPref(CLI_BASE_URL) == null || getPref(CLI_BASE_URL).isBlank()) {
       store(CLI_BASE_URL, "https://static.snyk.io");
     }
-    
+
     if (getPref(SCANNING_MODE_AUTOMATIC) == null) {
       store.put(SCANNING_MODE_AUTOMATIC, "true");
     }
+
+    if (getPref(USE_TOKEN_AUTH) == null) {
+        store.put(USE_TOKEN_AUTH, "true");
+    }
   }
 
   private String getDefaultCliPath() {
@@ -176,10 +174,10 @@ public IPreferenceStore getStore() {
   public boolean getBooleanPref(String key) {
    return store.getBoolean(key, false);
   }
-  
+
   public boolean getBooleanPref(String key, boolean defaultValue) {
     return store.getBoolean(key, defaultValue);
   }
- 
+
 }
 
diff --git a/plugin/src/main/java/io/snyk/eclipse/plugin/runner/ProcessRunner.java b/plugin/src/main/java/io/snyk/eclipse/plugin/runner/ProcessRunner.java
@@ -125,20 +125,21 @@ private void setupProcessBuilderBase(ProcessBuilder pb) {
       }
     }
 
-    String authMethod = Preferences.getInstance().getPref(Preferences.AUTHENTICATION_METHOD);
     String token = Preferences.getInstance().getAuthToken();
-    if (token != null && !token.isBlank() && authMethod.equals(Preferences.AUTH_METHOD_OAUTH)) {
-      try {
-	      ObjectMapper objectMapper = new ObjectMapper().configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
-	      var oauthToken = objectMapper.readValue(token, OAuthToken.class);
-	      pb.environment().put(EnvironmentConstants.ENV_OAUTH_ACCESS_TOKEN, oauthToken.getAccessToken());
-	      pb.environment().remove(EnvironmentConstants.ENV_SNYK_TOKEN);
-      } catch (Exception e) {
-    	  SnykLogger.logError(e);
+    if (token != null && !token.isBlank()) {
+      if (Preferences.getInstance().getBooleanPref(Preferences.USE_TOKEN_AUTH, true)) {
+    	  pb.environment().put(EnvironmentConstants.ENV_SNYK_TOKEN, token);
+    	  pb.environment().remove(EnvironmentConstants.ENV_OAUTH_ACCESS_TOKEN);
+      } else {
+	      try {
+		      ObjectMapper objectMapper = new ObjectMapper().configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
+		      var oauthToken = objectMapper.readValue(token, OAuthToken.class);
+		      pb.environment().put(EnvironmentConstants.ENV_OAUTH_ACCESS_TOKEN, oauthToken.getAccessToken());
+		      pb.environment().remove(EnvironmentConstants.ENV_SNYK_TOKEN);
+	      } catch (Exception e) {
+	    	  SnykLogger.logInfo(token);
+	      }
       }
-    } else {
-      pb.environment().put(EnvironmentConstants.ENV_SNYK_TOKEN, token);
-      pb.environment().remove(EnvironmentConstants.ENV_OAUTH_ACCESS_TOKEN);
     }
 
     String insecure = Preferences.getInstance().getPref(Preferences.INSECURE_KEY);

diff --git a/plugin/src/main/java/io/snyk/eclipse/plugin/runner/SnykCliRunner.java b/plugin/src/main/java/io/snyk/eclipse/plugin/runner/SnykCliRunner.java
@@ -67,7 +67,7 @@ private ProcessResult snykRun(List<String> arguments, Optional<File> navigatePat
       return ProcessResult.error(e.getMessage());
     }
   }
-  
+
   private void checkIfTrusted(File file) {
     var trustedPaths = Preferences.getInstance().getPref(Preferences.TRUSTED_FOLDERS, "");
     if (!trustedPaths.contains(file.getAbsolutePath())) {

diff --git a/plugin/src/main/java/io/snyk/eclipse/plugin/wizards/SnykWizard.java b/plugin/src/main/java/io/snyk/eclipse/plugin/wizards/SnykWizard.java
@@ -2,7 +2,6 @@
 
 import java.util.Arrays;
 
-import org.eclipse.core.resources.IProject;
 import org.eclipse.core.resources.ResourcesPlugin;
 import org.eclipse.jface.viewers.IStructuredSelection;
 import org.eclipse.jface.wizard.Wizard;

diff --git a/plugin/src/main/java/io/snyk/eclipse/plugin/wizards/SnykWizardConfigureAPIPage.java b/plugin/src/main/java/io/snyk/eclipse/plugin/wizards/SnykWizardConfigureAPIPage.java
@@ -20,7 +20,7 @@
 public class SnykWizardConfigureAPIPage extends WizardPage implements Listener {
   private Text endpoint;
   private Button unknownCerts;
-  private String defaultEndpoint = "https://app.snyk.io/api";
+  private String defaultEndpoint = "https://api.snyk.io";
   private String initialEndpoint = Preferences.getInstance().getEndpoint();
 
   public SnykWizardConfigureAPIPage() {
@@ -41,7 +41,7 @@ public void createControl(Composite parent) {
     composite.setLayout(gl);
 
     Label endpointLabel = new Label(composite, SWT.NONE);
-    endpointLabel.setText("Specify the custom endpoint for Single Tenant setups (default: https://app.snyk.io/api):");
+    endpointLabel.setText("Specify the custom endpoint for Single Tenant setups (default: https://api.snyk.io):");
 
     String endpointValue = initialEndpoint == null || initialEndpoint.isBlank() ? this.defaultEndpoint : initialEndpoint;
     endpoint = new Text(composite, SWT.BORDER);

diff --git a/plugin/src/main/java/io/snyk/languageserver/LsConfigurationUpdater.java b/plugin/src/main/java/io/snyk/languageserver/LsConfigurationUpdater.java
@@ -51,10 +51,15 @@ Settings getCurrentSettings() {
         }
         String enableTrustedFolderFeature = Boolean.TRUE.toString();
         String scanningMode = preferences.getBooleanPref(Preferences.SCANNING_MODE_AUTOMATIC) ? "automatic" : "manual";
+        boolean useTokenAuth = preferences.getBooleanPref(Preferences.USE_TOKEN_AUTH, true);
+        var authMethod = "oauth";
+        if (useTokenAuth) {
+        	authMethod = "token";
+        }
         return new Settings(activateSnykOpenSource, activateSnykCode, activateSnykIac, insecure, endpoint, additionalParams,
             additionalEnv, path, sendErrorReports, enableTelemetry, organization, manageBinariesAutomatically, cliPath,
             token, integrationName, integrationVersion, automaticAuthentication, trustedFolders, enableTrustedFolderFeature,
-            scanningMode);
+            scanningMode, authMethod);
     }
 
     static class Settings {
@@ -84,12 +89,13 @@ static class Settings {
         private final String osPlatform = SystemUtils.OS_NAME;
         private final String scanningMode;
         private final String requiredProtocolVersion = LsBinaries.REQUIRED_LS_PROTOCOL_VERSION;
+        private final String authenticationMethod;
 
         public Settings(String activateSnykOpenSource, String activateSnykCode, String activateSnykIac, String insecure,
                         String endpoint, String additionalParams, String additionalEnv, String path, String sendErrorReports,
                         String enableTelemetry, String organization, String manageBinariesAutomatically, String cliPath, String token,
                         String integrationName, String integrationVersion, String automaticAuthentication, String[] trustedFolders,
-                        String enableTrustedFoldersFeature, String scanningMode) {
+                        String enableTrustedFoldersFeature, String scanningMode, String authMethod) {
             this.activateSnykOpenSource = activateSnykOpenSource;
             this.activateSnykCode = activateSnykCode;
             this.activateSnykIac = activateSnykIac;
@@ -110,6 +116,7 @@ public Settings(String activateSnykOpenSource, String activateSnykCode, String a
             this.trustedFolders = trustedFolders;
             this.enableTrustedFoldersFeature = enableTrustedFoldersFeature;
             this.scanningMode = scanningMode;
+            this.authenticationMethod = authMethod;
         }
 
         public String getPath() {
@@ -208,6 +215,10 @@ public String getScanningMode() {
             return scanningMode;
         }
 
+		public String getAuthenticationMethod() {
+			return authenticationMethod;
+		}
+
         public String getRequiredProtocolVersion() {
             return requiredProtocolVersion;
         }